Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/yfEjalVGcjldTRiV4Rm0GhWLc4M.roa
File:                     yfEjalVGcjldTRiV4Rm0GhWLc4M.roa (raw, json)
Hash identifier:          h2ndnPH6JTUh/pw+/LI7vKLgFao2awpqjOMwfwP8Ln0=
Subject key identifier:   C9:F1:23:6A:55:46:72:39:5D:4D:18:95:E1:19:B4:1A:15:8B:73:83
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019E7511E8077F8FB1B4502921AF093589C0
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/yfEjalVGcjldTRiV4Rm0GhWLc4M.roa
Signing time:             Fri 29 May 2026 18:49:28 +0000
ROA not before:           Fri 29 May 2026 18:49:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402493
IP address blocks:        151.241.223.0/24 maxlen: 24
                          151.247.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:75:11:e8:07:7f:8f:b1:b4:50:29:21:af:09:35:89:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 29 18:49:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c9f1236a554672395d4d1895e119b41a158b7383
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:7a:67:80:b4:7f:97:a9:fd:c2:8a:f3:8a:db:
                    2c:00:b7:14:9a:ef:a1:dc:3a:c3:95:a3:f0:87:6a:
                    9b:a3:ae:d4:28:b9:70:cc:22:22:73:05:bc:09:f0:
                    56:74:33:7e:7c:cc:5c:99:0e:c8:b5:34:8f:76:27:
                    27:f0:e1:58:01:0d:5d:31:86:95:dd:9d:81:50:7b:
                    69:89:bf:3b:79:23:18:2e:c2:cd:00:b9:97:5b:59:
                    f4:3e:62:6b:b3:2e:81:f5:28:3b:da:a9:34:82:cd:
                    48:8e:ae:0a:80:77:76:7d:3c:c4:27:8e:87:b4:72:
                    23:90:9b:95:16:19:46:4e:80:5d:61:03:99:71:0b:
                    70:49:20:9d:9c:24:b9:c1:0b:99:60:b4:3c:55:b6:
                    28:c0:e2:32:e2:40:93:87:05:07:22:14:06:db:a8:
                    ae:49:11:7a:d8:f6:62:c8:4a:5e:9e:92:a5:68:9d:
                    03:35:b2:a6:02:70:a7:37:e2:77:63:4d:af:a4:db:
                    83:92:64:e4:41:a6:c5:51:46:ac:f9:9c:1e:91:e7:
                    81:99:62:2e:6c:fb:39:14:8b:a5:6a:05:03:72:11:
                    99:77:32:41:87:43:a7:5f:f7:25:e2:4d:fe:c9:b2:
                    41:b5:7a:eb:00:21:8b:5f:88:f8:c9:a4:f5:ec:0f:
                    0a:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:F1:23:6A:55:46:72:39:5D:4D:18:95:E1:19:B4:1A:15:8B:73:83
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/yfEjalVGcjldTRiV4Rm0GhWLc4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.241.223.0/24
                  151.247.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:46:6f:dd:ea:8e:23:3e:bf:48:85:ec:a6:e1:42:0d:71:4c:
         43:a3:c3:00:d0:74:7f:9b:5e:96:a7:bd:89:97:8c:31:a6:0a:
         97:76:a3:ab:bb:51:29:61:b1:6a:e2:b1:bf:fe:d9:b2:21:ba:
         6d:30:31:47:cc:3c:2a:d4:8d:77:e7:21:e8:b7:9b:27:76:bc:
         fa:4c:4a:bf:cb:a3:82:f6:a6:af:fd:47:78:58:51:81:7f:75:
         db:45:b5:be:4b:9d:f4:3a:7b:16:52:49:f3:c0:d3:ca:d8:67:
         4b:27:66:06:6a:da:2f:c3:bd:0f:da:8a:eb:4b:64:57:9c:45:
         64:9e:6c:23:e2:60:cb:cf:73:d2:f9:07:d0:6c:c3:df:7c:bb:
         9a:b6:e2:57:7d:0f:cc:cf:2c:7b:97:0f:67:7b:67:b4:95:ef:
         0a:47:4c:0f:00:eb:c5:86:52:1c:ae:7b:6a:6b:5e:52:6c:ba:
         aa:5a:bf:9c:4c:c6:4c:c5:40:cd:c3:ef:38:c7:ad:2d:da:fa:
         eb:2e:5b:d1:f6:64:97:6a:c2:5b:36:15:8c:72:81:a3:ce:26:
         86:ab:4f:14:52:9c:cf:da:0c:c5:d0:68:4a:da:0b:17:4e:96:
         89:cb:fa:62:0a:5a:24:bf:e2:d8:3a:30:9f:f2:62:1c:6c:79:
         f7:3e:03:a1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ51EegHf4+xtFApIa8JNYnAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwNTI5MTg0OTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWYxMjM2YTU1NDY3MjM5NWQ0ZDE4OTVlMTE5YjQxYTE1OGI3MzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3pngLR/l6n9worzitssALcUmu+h
3DrDlaPwh2qbo67UKLlwzCIicwW8CfBWdDN+fMxcmQ7ItTSPdicn8OFYAQ1dMYaV
3Z2BUHtpib87eSMYLsLNALmXW1n0PmJrsy6B9Sg72qk0gs1Ijq4KgHd2fTzEJ46H
tHIjkJuVFhlGToBdYQOZcQtwSSCdnCS5wQuZYLQ8VbYowOIy4kCThwUHIhQG26iu
SRF62PZiyEpenpKlaJ0DNbKmAnCnN+J3Y02vpNuDkmTkQabFUUas+ZwekeeBmWIu
bPs5FIulagUDchGZdzJBh0OnX/cl4k3+ybJBtXrrACGLX4j4yaT17A8KiwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMnxI2pVRnI5XU0YleEZtBoVi3ODMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEveWZFamFsVkdjamxkVFJpVjRSbTBHaFdMYzRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAl/HfAwQA
l/d2MA0GCSqGSIb3DQEBCwUAA4IBAQAmRm/d6o4jPr9Iheym4UINcUxDo8MA0HR/
m16Wp72Jl4wxpgqXdqOru1EpYbFq4rG//tmyIbptMDFHzDwq1I135yHot5sndrz6
TEq/y6OC9qav/Ud4WFGBf3XbRbW+S530OnsWUknzwNPK2GdLJ2YGatovw70P2orr
S2RXnEVknmwj4mDLz3PS+QfQbMPffLuatuJXfQ/Mzyx7lw9ne2e0le8KR0wPAOvF
hlIcrntqa15SbLqqWr+cTMZMxUDNw+84x60t2vrrLlvR9mSXasJbNhWMcoGjziaG
q08UUpzP2gzF0GhK2gsXTpaJy/piClokv+LYOjCf8mIcbHn3PgOh
-----END CERTIFICATE-----